Atro’s Origin Story

Introduction

Cybersecurity is a problem for every business in the world. And it’s only getting worse.

‍

I’ve seen the problem from many vantage points, having personally leapt from years of poverty, to Silicon Valley startups, to the echelon of ultra-high net worth individuals. Throughout it all, I yearned to help people secure their digital environments because I have an acute sensitivity to being a have-not in a world of haves.

‍

My life set me up to uplift the overlooked and underestimated. My mom raised me as one of six kids in a suburb outside of Seattle. Memories of constantly moving because we couldn’t make rent, to eventually dropping out of college because I didn’t see the point, formed the foundation of my current mission. With no social advantage, opportunities, or open doors, I was forced to take a job doing (physical) security, and ended up patrolling a billionaire’s estate as a night guard for $14/hour.

‍

As luck would have it, my dedication paid off and my first door opened at the intersection of physical and digital infrastructure. My area of focus was small teams, specifically family offices, AKA the teams of people that support the elite billionaires of the world. I’ve worked in the UHNW (Ultra High Net Worth) world for my whole career, specializing in delivering bespoke IT and cybersecurity.

‍

‍

‍

‍

From SEIM (Security information and event management) platforms, to EDR (endpoint detection and response), to working with gSOCs (global security operations centers) to build a home-grown MDR (managed detection and response), I started honing the ability to take complex skills and deploy them for small environments.

‍

All the while, two questions kept nagging me:

‍

1. Even though I can deploy these tools, why should I have to?

Where do the security tools for smaller teams exist?

‍

2. How is everyone else doing this?

What about those who don’t have the means to hire a team to manage their tech, the millions of people getting attacked on a daily basis?

From there, my earliest inspirations for Atro were born. While working for Garrett Camp (co-founder of Uber) at his tech incubator Expa, I pitched him and Dan Glenn (the CEO of Garrett’s family office and my business soulmate) an early idea of a platform that could help businesses understand and fix their security–- think Gusto, Legal Zoom, Quickbooks, or Duolingo, but for cybersecurity. With Dan and Garrett’s help, I successfully raised a pre-seed round from Expa and a few angel investors.

‍

Atro’s “Hyper MVP”

As I was still driving Garrett and Expa’s technical ship I started working on Atro on the side, with one of Expa’s brilliant designers, Fabio Giolio.

‍

From our original idea of creating a game-like product, we struck out in late 2021 to build a “hyper MVP,” a functional prototype that I could take to customers for feedback. Together with another Expa alum, engineer Jonathan Eatherly, we built a front-end-only version of Atro.

‍

‍

‍

‍

Atro’s V1 & V2

Together with a small team of developers, designers, and a product manager, we launched V1 of Atro in August 2022. Much of our focus was to build an extensible scoring engine where we could take disparate risk data from throughout an organization, based on self assessments, and roll it up into a “security score.” The scoring system took countless hours to build, and I was especially proud of getting that right.

‍

‍

‍

After getting Atro’s V1 into the market, all the client feedback I was gathering made it clear we were building it backwards. Instead of just mapping out the magnitude of the risk, we needed to empower our customers to get the problem solved.

‍

The next iteration came around Christmas 2022, and as soon as I saw the design, it was love at first sight. It was:

• Simple to understand
• Relatively easy to build and scale
• Radically Extensible
• Powerful
• A balance of insight and action, with a focus on “getting it done”

‍

The UI was based on a tile layout, and each tile was a security “flow” that got something done. Based on this new design I built a prototype in Flutterflow. I was nervous about pivoting everything we’d done previously, but my team was ready to roll up their sleeves with no pushback.

‍

At the same time, I started raising funds to keep Atro going. Despite a challenging fundraising environment at the time, I had amazing lead investors in 468 Capital and Garrett Camp, and many of our pre-seed angel investors came back into the round.

‍

With fresh wind in our sails, we started architecting our future, both with more leadership in biz ops, marketing, sales, and product, and a more robust version of the product itself. We built the new Atro on a “triple alchemy”: a composable front end (Vue components built on Nuxt.js served from Vercel), a secure and scalable backend (Phoenix /Elixir), and an “app seeding” CMS based on the neo-spreadsheet trend I call an “e-data” set.

‍

We prioritized security policies and a free security self assessment as first efforts. Next up came our phishing tool that automatically sends phishing simulations to test customers’ ability to spot scams and trains them if they fall victim (based on Gophish). Then we built integrations for Google Workspace and Microsoft Office. Pulling insights from our last version, we knew cloud integrations would be a cornerstone of Atro.

‍

‍

‍

‍

Based on customer feedback, we also decided to build device management, our first big technical challenge. We wrote a blog post about it because I’m particularly proud of the engineering effort it took to bring immense enterprise-level value into a self-serve package that is wildly extensible yet super simple to run (hint: it's built on IaC principles).

‍

Today & Beyond

Today, Atro delivers critical risk mitigation through our core suite of easy-to-run and automated solutions. We’re building features as quickly as possible and keep validating our mission with every release.

‍

On the horizon, we have things like DNS security, VPN management, antivirus, backups, network security, and enhanced cloud security through multiple integrations. The stage is set for us to continue to drive these simple automations into reality so our users can have their security cake and eat it too: easy, approachable risk management, all in one place. We’re also layering on features to help our lower-maturity clients through the security basics.

‍

The stage is set for us to continue to drive these simple automations into reality so our users can have their security cake and eat it too: easy, approachable risk management, all in one place.

‍

As I reflect on Atro’s journey thus far, I’ve realized why this hadn’t existed before:

‍

1. Cybersecurity is still in a nascent state. It might sound crazy, but it’s the truth. Most people don’t understand the unbelievable paradigm shift in security that the digital age has brought us.
2. It is REALLY hard to deliver some technical to non-technical people, but truly everyone deserves to feel empowered to secure their data.

‍

We’re excited to tackle these challenges and hope you’ll join us for the ride. Here’s to making the world safer!